TeamDrive is warning about the serious security risks being run by companies that ban document and file sharing services, such as Google Drive and Dropbox, without providing an encryption-based alternative.

According to the 1,300 respondents to a survey conducted by storage firm Nasuni, one in five employees is using Dropbox. What is more worrying is that 49 percent of users ignore corporate policies and use the service regardless.

This implies that the perceived benefits of having an unmanaged, unmonitored and unsupported element in business IT overrides any sense of responsibility. TeamDrive recommends accepting the irresistible trend by embracing it within a secure and manageable system such as its own.

Departments most likely to use file synchronizing services are IT, sales, finance and engineering – the latter three being sectors likely to have access to extremely business-sensitive data. Users around these departments are just as likely to be senior management as rank and file workers.

In May 2012, IBM was so concerned about the growing use of cloud file synchronization services that it banned its staff from using Dropbox and Apple’s iCloud. It is likely that others will follow suit but the growing use of Bring Your Own Device (BYOD) strategies makes enforcement difficult, if not impossible.

Many of the services available seem to be secure because they use encryption between the user and the service but this protection is stripped away at the receiving end and the files are stored by the service provider in the clear. If a hacker, or even a rogue employee of the storage firm, gains access to a cloud drive, it could be costly if sensitive documents are being passed through the service.

Even when documents are encrypted at rest in the cloud, the providers, such as Dropbox, use a single key held in their system to unlock files as they are accessed by the document’s owners or their sanctioned colleagues.

Spotlight

(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Learn about personal data bankruptcy and the cost of privacy, security and compliance, delivering digital security to a mobile world, and much more.

As ISPs, hosting providers and online enterprises around the world continue suffering the effects of DDoS attacks, often the discussions that follow are, “What is the best way to defend our networks and our customers against an attack?”

The code redirects visitors to another URL where the Fiesta exploit kit is hosted, which then tries to detect and exploit several vulnerabilities in various software. If it succeeds, the visitors are saddled with a banking Trojan.

Looking for an Android-based tablet for your child but don't know which one to choose? If you are concerned about the device's protection against random hackers, Bluebox Security has just released a review of the nine most popular Android tablet models aimed specifically at children.